Don’t Hand Over That Bitcoin Payment — Protect Yourself from Sextortion

    Did you get an email from someone trying to blackmail you? Chances are it’s a phishing scam.

    By Sheena Moore on July 24, 2018

    A new phishing email is turning heads, partly because of its seeming legitimacy, and partly because of what the sender threatens to do if you don’t comply. It’s a new twist on an old favourite, but here’s what to look out for so you can protect yourself.

    The Hook
    The most unnerving part of this email is that it references an actual piece of information about you, such as a password you currently use, a password you have used, or even a license plate number. That seems to give the perpetrators some credibility, but don’t fall for it. In reality, the scammers have gained a list of usernames, passwords, and other personal details that were compromised in a website data breach, and they’ve now created a script based on that information. 

    A myriad of websites have been hacked over the years, from Yahoo to LinkedIn. There’s no way of telling which breach these perpetrators are taking advantage of, but you can check if any of your accounts have been involved in a data breach at Have I Been Pwned

    The Threat
    Now that they’ve grabbed your attention with your compromised personal information, the perpetrators make their threat. They claim to have installed malware on your computer and have a recording of you watching sexually explicit materials. If you don’t pay their Bitcoin ransom, they threaten to release the video to all of your contacts.

    The Scam
    This type of scam is called sextortion, a serious crime that occurs when someone threatens to distribute your private and sensitive material if you don’t provide them sexual favours, images of a sexual nature, or money.

    Fortunately, the scammers behind this sextortion attempt do not actually have any private or sensitive material to threaten you with. As alarming as this email seems, it’s still a phishing attempt, and recipients should not reply to it or give in to the scammers’ demands.

    Here’s an example of one of these sextortion phishing emails: 

    I am well aware Password123 is your password.

    You don’t know me and you’re thinking why you received this e mail, right?

    Well, I actually placed a malware on the porn website and guess what, you visited this web site to have fun (you know what I mean). While you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger which provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account, and email account.

    What exactly did I do?

    I made a split-screen video. First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!).

    What should you do?

    Well, I believe, $1400 is a fair price for our little secret. You’ll make the payment via Bitcoin to the below address (if you don’t know this, search “how to buy bitcoin” in Google).

    BTC Address: 1Dvd7Wb72JBTbAcfTrxSJCZZuf4tsT8V72
    (It is cAsE sensitive, so copy and paste it)

    Important:

    You have 24 hours in order to make the payment. (I have an unique pixel within this email message, and right now I know that you have read this email). If I don’t get the payment, I will send your video to all of your contacts including relatives, coworkers, and so forth. Nonetheless, if I do get paid, I will erase the video immidiately. If you want evidence, reply with “Yes!” and I will send your video recording to your 5 friends. This is a non-negotiable offer, so don’t waste my time and yours by replying to this email.

    What to Look Out For
    All phishing emails have some common elements that mark them as scams:

    1. Generic greeting: notice that the perpetrators know your email address, but do not greet you by name. This is common in phishing emails. If someone had actually installed malware on your computer, they would know a lot more about you than just your email address. 
    2. Spelling or grammar mistakes: pay attention to the poor sentence structure in the opening lines, the grammar mistakes throughout, and the misspelling of “immediately” in the last paragraph. These are all clues that point to a phishing email.
    3. Urgent or threatening language: the attempt at blackmail, the 24-hour deadline, and the threat of sending your supposed video recording to five friends all suggest that this is a phishing attack.

    To learn more about how to spot a phishing attack, read To Catch a Phish.

    What to Do Next
    If you’ve received an email like this:

    1. Do not reply.
    2. Do not pay the Bitcoin ransom.
    3. Check Have I Been Pwned? to better understand which organization(s) the perpetrators may have retrieved your information from.
    4. Practice good password management, such as immediately changing your password if compromise is suspected, using a strong password, and not reusing the same favoured password across multiple valued accounts. Find more tips on creating strong passwords

    To ensure your information is as safe as possible, consider using a password manager. This will ensure that your passwords are safe in an encrypted cyber vault, and some password managers will tell you when your accounts were involved in a data breach so you can update all necessary passwords.

    If you are still unsure or have any other questions, then please reach out to the IST Service Desk at ist@ualberta.ca or 780-492-9400.